Privacy by Design

Privacy by Design: 7 Core Principles


Privacy by Design

Privacy by Design is a framework in which privacy and data protection are embedded throughout the entire life cycle of a product from the early design stage through use and eventual closure. The foundational concept is that privacy needs to be built directly into technology, systems and practices at the design and initial phases, thereby ensuring the existence of privacy and appropriate data protection controls from the outset of any technological venture.


Privacy by Design is a concept developed by
Dr. Ann Cavoukian in 1995 to address the growing and systemic effects
of technology, and of large-scale networked data systems.


Her groundbreaking concept of Privacy by Design advances the view that the future of privacy is best guaranteed by default embedding of privacy controls from origination by organisations rather than compliance with regulations.


Read more about her: https://en.wikipedia.org/wiki/Ann_Cavoukian
Find out more about her company: https://gpsbydesigncentre.com/
Follow her on twitter: https://twitter.com/AnnCavoukian

What exactly is Privacy by Design?

Privacy by Design is a core view that the data privacy cannot be assured solely by compliance
with regulatory frameworks. An organization’s default mode of operation should be data protection and privacy based. The number of data breaches reported and litigated is primary evidence that the application of the principle is not being properly done from the beginning of development.

The principles of Privacy by Design should be applied to technology which handles or processes any and all types of personal information, but is especially applicable to sensitive data such as medical and financial data. The strength of the built-in privacy measures need to be commensurate with the sensitivity of the data.

Let Chang Law Help your Data Protection & Privacy Needs!

Free Consultation!

The 7 Principles of Privacy of by Design are:

Proactive not Reactive; Preventative not Remedial

The Privacy by Design (PbD) approach is characterized by proactive rather than reactive measures. It anticipates
and prevents privacy invasive events before they happen. PbD does not wait for privacy risks to materialize,
nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent
them from occurring. In short, Privacy by Design comes before-the-fact, not after.

Privacy as the default setting

the default rules! Privacy by Design seeks to deliver the maximum degree
of privacy by ensuring that personal data are automatically protected in any given IT system or business
practice. If an individual does nothing, their privacy still remains intact. No action is required on the part of
the individual to protect their privacy — it is built into the system, by default.

Privacy embedded into design

Privacy by Design is embedded into the design and architecture of IT systems and business practices. It is not
bolted on as an add-on, after the fact. The result is that privacy becomes an essential component of the core
functionality being delivered. Privacy is integral to the system, without diminishing functionality.

Full Functionality — Positive-Sum, not Zero-Sum

Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner,
not through a dated, zero-sum approach, where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is possible to have both.





Visibility and Transparency — Keep it Open

Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in
fact, operating according to the stated promises and objectives, subject to independent verification. Its component
parts and operations remain visible and transparent, to users and providers alike.

Respect for User Privacy — Keep it User-Centric

Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost
by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly
options.

End-to-End Security — Full Lifecycle Protection

Privacy by Design, having been embedded into the system prior to the first element of information being
collected, extends securely throughout the entire lifecycle of the data involved — strong security measures
are essential to privacy, from start to finish. This ensures that all data are securely retained, and then securely
destroyed at the end of the process, in a timely fashion. Thus, Privacy by Design ensures cradle to grave,
secure lifecycle management of information, end-to-end.

Need help with your data protection regime?

Schedule a free 15 minute consultation with us!

DISCLAIMER

NOTE: The materials available on the blog and website are for informational purposes only and not for the purpose of providing legal advice. You should retain an attorney-at-law to obtain advice with respect to any particular issue or problem. Use of and access to this Web site or any of the contacts contained within the site do not create an attorney-client relationship between Chang Law and the user or browser.

Contact us for more information

This lets us know which of our practice areas your issue falls in so we can more ably try to assist you.

Location

Kingston, Jamaica

Email

info@thechanglaw.com

Phone

876-470-1966